CVE-2025-57912
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dialogity | dialogity_free_live_chat | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57912 is a Cross Site Scripting (XSS) vulnerability in the WordPress Dialogity Free Live Chat Plugin versions up to 1.0.3. It allows a malicious actor with administrator privileges to inject and execute arbitrary scripts, such as redirects or advertisements, when visitors access the affected website. This occurs due to improper neutralization of input during web page generation, classified under OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers with administrator access to inject malicious scripts into your website, which can execute when visitors load the page. This can lead to unwanted redirects, display of malicious advertisements, or other harmful HTML payloads. Although the severity is considered low (CVSS 5.9), it can compromise the integrity and trustworthiness of your website. Since no official patch exists and the plugin is abandoned, the recommended action is to remove and replace the plugin or apply a virtual patch. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the vulnerable Dialogity Free Live Chat plugin version 1.0.3 or earlier on your WordPress site. Since exploitation requires administrator privileges and involves stored XSS payloads, monitoring for unusual script injections or unexpected redirects in the chat plugin's output may help. However, no specific detection commands are provided. It is recommended to scan your WordPress plugins for version 1.0.3 or below and check for suspicious administrator activity or injected scripts in the chat interface. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the Dialogity Free Live Chat plugin, as no official patch or fixed version is available and the plugin is abandoned. Simply deactivating the plugin is insufficient unless a virtual patch (vPatch) is applied. Patchstack offers a virtual patch that can auto-mitigate the vulnerability without an official fix. Users should consider alternative software and seek professional incident response if compromise is suspected. [1]